000034265 - RSA Authentication Manager 8.1 and 8.2 show a system message that administrator "trustedapp" attempted to update a principal, Failure Unexpected directory operation failure

Document created by RSA Customer Support Employee on Nov 9, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3

Article Content

Article Number: 000034265

Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0, 8.1.1, 8.2.0

Issue: Authentication Manager 8.1 SP1 and 8.2 display the following system messages:

Description:  Administrator "trustedapp" attempted to update a principal

Activity Result Key:  Failure,
Result:  Unexpected directory operation failure
Component Key: system.com.rsa.ims.admin.dal.ldap.BaseAccessLDAP
Arg1: AD
Arg2: cn=riddick\, rena a.,ou=endusers,ou=div17,ou=hqhq,dc=fbi,dc=gov
Exception: javax.naming.NoPermissionsException: [LDAP: error code 50 - 00000005: SecErr: DSID-031A1256, problem 4003 (INSUFF_ACCESS_RIGHTS)


Cause: These errors display if:
  • An Authentication Manager administrator attempted to change an LDAP user's password in the Security Console, or
  • A user attempted to change their own LDAP password through the agent, but the external identity source directory user ID does not have write permissions to LDAP.

Resolution: If you want your deployment to allow updates to Windows passwords through the RSA Security Console or through Windows agents:
  1. From the Operations Console, navigate to Deployment Configuration > Identity Sources > Manage Existing and click the identity source that you wish to update.
  2. Select Edit. Scroll to the Identity Source Directory Connection and define an external identity source user ID account, also called a binding account, that has write permissions to the AD.
  3. Use LDAPS (with a certificate) for the identity source directory connection (Deployment Configuration > Identity Source Certificates > Add New). For more information, please review this article on Identity Source SSL Certificates.
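
To pick these failures out of exported system messages, the following added example (not RSA code and not part of the original article) parses the fields shown in the Issue section, splits the Arg2 DN on unescaped commas only, and flags LDAP error code 50 with INSUFF_ACCESS_RIGHTS. It assumes the messages keep the "Name: value" layout shown above; the function names and the sample DN are hypothetical.

```python
import re

# Constructed sample in the layout of the Issue section; the DN is a placeholder.
SAMPLE = r'''Description:  Administrator "trustedapp" attempted to update a principal
Activity Result Key:  Failure,
Result:  Unexpected directory operation failure
Component Key: system.com.rsa.ims.admin.dal.ldap.BaseAccessLDAP
Arg1: AD
Arg2: cn=doe\, jane a.,ou=endusers,ou=div1,dc=example,dc=com
Exception: javax.naming.NoPermissionsException: [LDAP: error code 50 - 00000005: SecErr: DSID-031A1256, problem 4003 (INSUFF_ACCESS_RIGHTS)
'''

FIELD_RE = re.compile(r'^([A-Za-z0-9 ]+?):\s*(.*)$')  # assumed "Name: value" layout
LDAP_RE = re.compile(r'LDAP: error code (\d+) - .*?problem (\d+) \((\w+)\)')

def parse_message(text):
    """Return {field name: value} for one system message."""
    pairs = (FIELD_RE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in pairs if m}

def split_dn(dn):
    """Split a DN into RDNs; a comma preceded by a backslash is data, not a separator."""
    rdns, cur, i = [], '', 0
    while i < len(dn):
        step = 2 if dn[i] == '\\' else 1  # keep the escape and the escaped char together
        if dn[i] == ',':
            rdns.append(cur)
            cur = ''
        else:
            cur += dn[i:i + step]
        i += step
    return rdns + [cur]

def triage(text):
    """Summarise one message and flag the insufficient-access case from this article."""
    f = parse_message(text)
    m = LDAP_RE.search(f.get('Exception', ''))
    denied = bool(m) and m.group(1) == '50' and m.group(3) == 'INSUFF_ACCESS_RIGHTS'
    return {
        'target_rdns': split_dn(f.get('Arg2', '')),
        'ldap_code': int(m.group(1)) if m else None,
        'ad_problem': m.group(3) if m else None,
        'bind_account_lacks_write': denied,
    }

if __name__ == '__main__':
    print(triage(SAMPLE))
```

A message flagged with `bind_account_lacks_write` points at the binding account configured in step 2, and `target_rdns` shows which OU the account needs write access to.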